Preparing for crisis management is now necessary for most companies and large organizations. Conscious of the risk or driven by regulations (the DORA regulation is a good example), crisis exercises and simulations have become an unmissable annual event. Even if…
How to ensure the security of your applications despite outsourcing their development? Integrating security into projects is an important process for companies to define and integrate security aspects into products as early as possible. This avoids increasing the cost…
FOCUS TECH BLINDSIDE Facing the EDR behavioral supervision, attackers develop techniques for successful attacks by staying under the radars. One of these techniques is called Blindside. This technique works on many EDRs relying on a hook and was revealed by…
Who would have known that locking your employees in a room for 15 minutes could become their new favorite way to learn about cybersecurity? In a never-ending quest to find innovative ways to raise awareness on cybersecurity topics, the Wavestone team…
Regularly rethinking your cyber strategy is a must for cybersecurity teams. Changes in the threat, regulations, business priorities, etc., necessitate an in-depth review of the action plan at least once every three years, or yearly, if necessary. To accomplish this,…
In our last Assume Breach engagement, the client gave us a domain-joined computer and a VPN access telling it was the only option to access the internal domain. Other computers would be able to access to some resources using specific…
Once again, the CERT-W 2022 report confirms that the main motivation of attackers continues to be financial gain and ransomware remains the most common means of extortion. Ransomware attacks are among the most severe cyberattacks in terms of their impact on…
FOCUS TECH BRING YOUR OWN VULNERABLE KERNEL DRIVER (BYOVKD) Facing the EDR behavioral supervision, attacker develops techniques for successful attacks by staying under the radars. One of these techniques is called BYOVKD: Bring Your Own Vulnerable Kernel Driver. Even if…
The encryption of data in transit and at rest now makes it possible to ensure a good level of security. For data being processed, a solution is now emerging confidential computing. I had the opportunity to organize a round table…
Dashboards are an essential tool for CISOs to measure and control risks in their scope, to steer their projects and to inform their management of the company’s cyber health evolution. However, according to Wavestone’s Cyber benchmark results from 2022, 47%…
